From: Martin KaFai Lau <martin.lau@linux.dev>
To: Jason Xing <kerneljasonxing@gmail.com>
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, dsahern@kernel.org,
willemdebruijn.kernel@gmail.com, willemb@google.com,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
eddyz87@gmail.com, song@kernel.org, yonghong.song@linux.dev,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
haoluo@google.com, jolsa@kernel.org, horms@kernel.org,
bpf@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net-next v5 04/15] net-timestamp: support SK_BPF_CB_FLAGS only in bpf_sock_ops_setsockopt
Date: Wed, 15 Jan 2025 13:22:10 -0800 [thread overview]
Message-ID: <80309f62-0900-4946-bb2c-d73a2b724739@linux.dev> (raw)
In-Reply-To: <20250112113748.73504-5-kerneljasonxing@gmail.com>
On 1/12/25 3:37 AM, Jason Xing wrote:
> We will allow both TCP and UDP sockets to use this helper to
> enable this feature. So let SK_BPF_CB_FLAGS pass the check:
> 1. skip is_fullsock check
> 2. skip owned by me check
>
> Signed-off-by: Jason Xing <kerneljasonxing@gmail.com>
> ---
> net/core/filter.c | 27 +++++++++++++++++++++------
> 1 file changed, 21 insertions(+), 6 deletions(-)
>
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 1ac996ec5e0f..0e915268db5f 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -5507,12 +5507,9 @@ static int sol_ipv6_sockopt(struct sock *sk, int optname,
> KERNEL_SOCKPTR(optval), *optlen);
> }
>
> -static int __bpf_setsockopt(struct sock *sk, int level, int optname,
> - char *optval, int optlen)
> +static int ___bpf_setsockopt(struct sock *sk, int level, int optname,
> + char *optval, int optlen)
> {
> - if (!sk_fullsock(sk))
> - return -EINVAL;
> -
> if (level == SOL_SOCKET)
> return sol_socket_sockopt(sk, optname, optval, &optlen, false);
> else if (IS_ENABLED(CONFIG_INET) && level == SOL_IP)
> @@ -5525,6 +5522,15 @@ static int __bpf_setsockopt(struct sock *sk, int level, int optname,
> return -EINVAL;
> }
>
> +static int __bpf_setsockopt(struct sock *sk, int level, int optname,
> + char *optval, int optlen)
> +{
> + if (!sk_fullsock(sk))
> + return -EINVAL;
> +
> + return ___bpf_setsockopt(sk, level, optname, optval, optlen);
> +}
> +
> static int _bpf_setsockopt(struct sock *sk, int level, int optname,
> char *optval, int optlen)
> {
> @@ -5675,7 +5681,16 @@ static const struct bpf_func_proto bpf_sock_addr_getsockopt_proto = {
> BPF_CALL_5(bpf_sock_ops_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
> int, level, int, optname, char *, optval, int, optlen)
> {
> - return _bpf_setsockopt(bpf_sock->sk, level, optname, optval, optlen);
> + struct sock *sk = bpf_sock->sk;
> +
> + if (optname != SK_BPF_CB_FLAGS) {
> + if (sk_fullsock(sk))
> + sock_owned_by_me(sk);
> + else if (optname != SK_BPF_CB_FLAGS)
This is redundant considering the outer "if" has the same check.
Regardless, "optname != SK_BPF_CB_FLAGS" is not the right check. The new
callback (e.g. BPF_SOCK_OPS_TS_SCHED_OPT_CB) can still call
bpf_setsockopt(TCP_*) which will be broken without a lock.
It needs to check for bpf_sock->op. I saw patch 5 has the bpf_sock->op check but
that check is also incorrect. I will comment in there together.
> + return -EINVAL;
> + }
> +
> + return ___bpf_setsockopt(sk, level, optname, optval, optlen);
> }
>
> static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = {
next prev parent reply other threads:[~2025-01-15 21:22 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-12 11:37 [PATCH net-next v5 00/15] net-timestamp: bpf extension to equip applications transparently Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 01/15] net-timestamp: add support for bpf_setsockopt() Jason Xing
2025-01-12 14:49 ` kernel test robot
2025-01-13 0:11 ` Jason Xing
2025-01-13 7:32 ` Jason Xing
2025-01-14 23:20 ` Martin KaFai Lau
2025-01-14 23:29 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 02/15] net-timestamp: prepare for bpf prog use Jason Xing
2025-01-14 23:39 ` Martin KaFai Lau
2025-01-15 0:09 ` Jason Xing
2025-01-15 0:15 ` Jason Xing
2025-01-15 0:26 ` Martin KaFai Lau
2025-01-15 0:37 ` Jason Xing
2025-01-15 0:43 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 03/15] bpf: introduce timestamp_used to allow UDP socket fetched in bpf prog Jason Xing
2025-01-15 1:17 ` Martin KaFai Lau
2025-01-15 2:28 ` Jason Xing
2025-01-15 2:54 ` Jason Xing
2025-01-16 0:51 ` Martin KaFai Lau
2025-01-16 1:12 ` Jason Xing
2025-01-18 1:42 ` Martin KaFai Lau
2025-01-18 1:58 ` Jason Xing
2025-01-18 2:16 ` Martin KaFai Lau
2025-01-18 2:37 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 04/15] net-timestamp: support SK_BPF_CB_FLAGS only in bpf_sock_ops_setsockopt Jason Xing
2025-01-15 21:22 ` Martin KaFai Lau [this message]
2025-01-15 23:26 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 05/15] net-timestamp: add strict check in some BPF calls Jason Xing
2025-01-12 14:37 ` kernel test robot
2025-01-13 0:28 ` Jason Xing
2025-01-15 21:48 ` Martin KaFai Lau
2025-01-15 23:32 ` Jason Xing
2025-01-18 2:15 ` Martin KaFai Lau
2025-01-18 6:28 ` Jason Xing
2025-01-17 10:18 ` kernel test robot
2025-01-12 11:37 ` [PATCH net-next v5 06/15] net-timestamp: prepare for isolating two modes of SO_TIMESTAMPING Jason Xing
2025-01-15 22:11 ` Martin KaFai Lau
2025-01-15 23:50 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 07/15] net-timestamp: support SCM_TSTAMP_SCHED for bpf extension Jason Xing
2025-01-15 22:32 ` Martin KaFai Lau
2025-01-15 23:57 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 08/15] net-timestamp: support sw SCM_TSTAMP_SND " Jason Xing
2025-01-15 22:48 ` Martin KaFai Lau
2025-01-15 23:56 ` Jason Xing
2025-01-18 0:46 ` Martin KaFai Lau
2025-01-18 1:43 ` Jason Xing
2025-01-19 13:38 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 09/15] net-timestamp: support SCM_TSTAMP_ACK " Jason Xing
2025-01-15 23:02 ` Martin KaFai Lau
2025-01-12 11:37 ` [PATCH net-next v5 10/15] net-timestamp: support hw SCM_TSTAMP_SND " Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 11/15] net-timestamp: support export skb to the userspace Jason Xing
2025-01-15 23:05 ` Martin KaFai Lau
2025-01-15 23:59 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 12/15] net-timestamp: make TCP tx timestamp bpf extension work Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 13/15] net-timestamp: support tcp_sendmsg for bpf extension Jason Xing
2025-01-16 0:03 ` Martin KaFai Lau
2025-01-16 0:41 ` Jason Xing
2025-01-16 1:18 ` Martin KaFai Lau
2025-01-16 1:22 ` Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 14/15] net-timestamp: introduce cgroup lock to avoid affecting non-bpf cases Jason Xing
2025-01-12 11:37 ` [PATCH net-next v5 15/15] bpf: add simple bpf tests in the tx path for so_timestamping feature Jason Xing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=80309f62-0900-4946-bb2c-d73a2b724739@linux.dev \
--to=martin.lau@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=haoluo@google.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kerneljasonxing@gmail.com \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=willemb@google.com \
--cc=willemdebruijn.kernel@gmail.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox